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INTHECLAIMS: 
^se revise the claims, as follows. 



1. (Currently amended) A method of authenticating a subject, comprisingT" — ■ — 

using one or a plurality of biometric measurements for authentication without any 
sharing of the subject's biometric dat a, by accomplishing said authentication without any of 
said one or plurality of biometric measurements beinjg accessible in any form to any external 
device or external party . 

2. (Original) The method according to claim 1, fiirther comprising: 

storing said biometric data in an individual unit, said individual unit belonging to said 

subject. 

3. (Original) The method according to claim 2, wherein said individual vmit is portable for 
being carried by said subject. 

4. (Original) The method according to claim 2, wherein said individual unit is non-portable. 

5. (Original) The method according to claim 2, wherein said individual unit comprises one 
of a smart card, a personal area network (PAN) tool, and an apparatus linked to a network. 



6. (Original) The method according to claim 1, further comprising: 
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after said authentication, selectively obtaining access to any of a location, a service, 
and an option in a service by said subject. 

7. (Original) The method according to claim 1 , further comprising: 

generating at least one of a password and another authentication procedure based on 
biometric authentication locally under the subject's control. 

8. (Original) The method according to claim 7, further comprising: 

securely storing the biometric on an apparatus carried by said subject 



generating at least one of a password and another authentication procedure based on 
at least one biometric feature extracted locally under the subject's control. 

10. (Original) The method according to claim 9, wherein said generating is performed 
without storing the subject's biometric feature. 

11. (Original) The method accordtag to claim 9, further comprising: 

deriving said at least one of the password and the another authentication procedure 
&om the biometric extracted locally when authentication is required. 




9. (Original) The method according to claim 1, further comprising: 



12. (Original) The method according to claim 7, further comprising: 



1 
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deriving said at least one of the password and the another authentication procedure 
from compressed biometrics extracted locally under the subject's control or from a network, 
when authentication is required. 

13. (Previously presented) The method according to claim 7, further comprising: 

managing multiple passwords and authentication procedures, by at least one of: 
monitoring an authentication request; 
identifying a requester ; 

generating at le£ist one of a new password and an authentication procedure for 
a new requester; 

storing the authentication procedure generation method and the identity of the 
requester in a secure manner; and 

authenticating the user for known requesters using the stored procedure and 
the result of the local authentication procedure. 

y/l4. (Currently amended) A method of authenticating a characteristic of a subject, without 
compromising privacy of the subject, said method comprising: 

using at least one of a plurality of authentication methods including personal 
information of the subject, a biometric of the subject, a password, a personal identification 
number (PIN) and a secured component; and 

simultaneously with said using, said subject maintaining confidentiality of 
authentication information «ad by withholding access of said authentication information from 
any ether external device or external p arty, 

4 
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15. (Original) The method according to claim 14, further comprising: 

generating at least one of a password and another authentication procedure based on 
authentication locally under the subject's control. 

16. (Original) The method according to claim 15, further comprismg: 

securely storing authentication information on an apparatus locally under the subjects 

control. 




17. (Original) The method according to claim 1 5, further comprising: 



deriving said at least one of the password and the another authentication procedure 
from the local authentication when authentication is required. 

1 8. (Original) The method according to claim 16, further comprising: 

securely storing the authentication information on the apparatus using at least one of a 
knowledge-based information, a possession-based information, a password-based 
information, and a biometric-based information. 

19. (Original) The method according to claim 14, further comprising: 

selectively completing the authentication with a remote service using a 
communication port and protocol. 



5 
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20. (Currently amended) A method for ^^ecure authentication of a subject said method 
comprising: 

selectively requesting any of a password and a knowledge-based information from 
said subject; and 

simultaneously with said selectively requesting, interrogating biometric information 
of the subject, said biometric information being carried by said subjec t and being maintained 
inaccessible bv anv external dcvice > 



22. (Original) The method according to claim 20, further comprising: 

performing biometric data verification by a device associated with said subject, 
wherein said biometric data verification activates a password-controlled 
authentication mechanism which transfers information, but which withholds sufficient 
information so that the biometric is not revealed, to a party requiring authentication. 

23. (Original) The method according to claim 21, wherem obtaining said password is 
performed by using at least one of an encryption and secure hashmg. 

24. (Original) The method according to claim 20, wherein a device is carried by the subject 
to be authorized to perform a task. 



6 



I 



21. (Original) The method according to claim 20, further comprising: 



using said biometric information to generate said password. 



6 
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wherein at a moment of authorization, said device is presented to a reader of an 
authorizing machine of an entity seeking authentication, which prompts said device for a 
password for authorization to be given, and wherein said device reads a biometric of said 
subject using a sensor included in the device and computes the password. 

25. (Original) The method according to claim 24, wherein said device allows the password 
to be read by the authorizing machine. 



26. (Original) The method according to claim 25, wherein said password is read in a 
contacting manner. 

27. (Original) The method according to claim 25, wherein said password is read in a 
contact-free manner. 

28. (Original) The method according to claim 24, further comprising: 

using one of a hashing and a mapping technique, which is stable with respect to 
variations of the biometric extracted, said using including mapping regions of a 
biometric-print space, to the password having been computed. 

29. (Original) The method according to claim 28, wherein said using includes: 

measuring a biometric-print of the subject by ranking biometric prints of N subsets of 
M biometrics^ 




7 
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wherein an index of a top ranking of each of the N subsets is used in computing the 
password. 

30. (Original) The method according to claim 24, further comprising: 

storing on the device information regarding a previous authentication including a 
biometric-print of the subject. 



( 



31. (Original) The method according to claim 20, further comprising: 

encrypting a biometric-print using the subject's biometric and personal knowledge 
onto a device carried by said subject. 

32. (Original) The method according to claim 20, further comprising: 

providing a unique non-duplicable authentication mechanism on a device associated 
with said subject, said authentication mechanism being constructed so as to be completely 
independent of the biometric, 

wherein said authentication mechanism is prevented from accessing the biometric 

itself 

33. (Original) The method according to claim 32, wherein said device associated with said 
subject produces a correct password only when the device reads a biometric from the subject. 

34. (Original) The method according to claim 20, wherein biometric information for a 
plurality of subjects is stored in a device associated with the subject. 

8 
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/ 35. (Currently amended) An apparatus for secure authentication, without compromising 
privacy of a subject, said apparatus comprising: 

a reader, associated with the subject, for reading a specified biometric of said subject; 

and 

a password generator for producing a password needed based needed, based on said 
biometric^ 

I wherein said biometric is maintained as being inaccessible to any external device . 

36. (Original) The apparatus according to claim 35, wherein said password generator 
includes an encryption device xjsing at least one of encryption and secure hashing. 

^ 37. (Currently amended) An apparatus for secure authentication, said apparatus comprising: 
means, associated with a subject, for reading a specified biometric of said subject; and 
means for producing a password needed based on said biometric, without providing 
access to said biometric by any CKtemal device or by anyone other than said subject. 

38. (Original) The apparatus according to claim 37, wherein said means for producing said 
password includes an encryption device using at least one of encryption and secure hashing. 

/^39. (Currently amended) A method of identifying a subject, said method c omprising: 



9 
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using one or a plurality of biometric measurements for identification without any 



sharing of the subject's biometric data bv maintaining said biometric data as inaccessible to 
any external device . 

40. (Original) The method of claim 39, wherein a subject's identity is determined locally, 
under the subject's control, by having the subject provide at least one of a user ID and by 
biometric identification of the subject among enrolled authorized subjects, and 

wherein said identification produces a set of N best matches for N subsets, and an 
index formed by concatenation of the N indices uniquely identifies the subject. 



41. (Currently amended) A method for identification of a subject, said method comprising: 



selectively requesting any of a password and a knowledge-based information from 
said subject; and 

simultaneously with said selectively requesting, interrogating biometric information 
of the subject, said biometric information being carried by said subject and being maintained 
as inaccessible bv any external device . 

42. (Original) The method of claim 41 , wherein a subject's identity is determined locally 
under the subject's control, by having the subject provide at least one of a user ID and by 
biometric identification of the subject among enrolled authorized subjects, and 

wherein said identification produces a set of N best matches for N subsets, and an 
index formed by concatenation of the N indices uniquely identifies the subject. 
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^43. (Cuirently amended) An apparatus for identification of a subject, said apparatus 



comprising: 

a reader, associated with the subject, for reading a specified biometric of said subject; 



a password generator for producing a password needed based needed, based on said 
biometric^. 

wherein said biometric is maintained inaccessible by anv external device . 



44. (Original) The apparatus according to claim 43, further comprising: 

means for storing data of said biometric in an individual unit, said individual unit 
belonging to said subject. 

45. (Original) The apparatus according to claim 44, wherein said individual imit is portable 
for being carried by said subject. 

46. (Original) The apparatus according to claim 44, wherein said individual unit is 
non-portable. 

47. (Original) The apparatus according to claim 44, wherein said individual imit comprises 
one of a smart card, a personal area network (PAN) tool, and an apparatus linked to a 
network. 



and 




i 



11 



PACE 1 2/17 * RCVD AT 2/1 TflOtH 9:4S:S2 PM [Eastern standard Time] ' 8VR:U8PTO-EFXRF-1/0 * DNI8:872930B ' C8ID:703761 237S ' DURATION (mnvss):04-44 



02/17/2004 18:43 FAX 7037612375 



McGlnn&Glbb,PLLC 



iaoi3 




S/N 09/372,170 
Docket: Y0998-529 

48. (Original) The apparatus according to claim 44, wherein a subject's identity is 
determined locally, under the subjects control, by having the subject provide at least one of a 
user ID and by biometric identification of the subject among enrolled authorized subjects 
being read by said reader, and 

wherein said identification produces a set of N best matches for N subsets, and an 
index formed by concatenation of the N indices uniquely identifies the subject 



5 



/ 



49. (Previously presented) An apparatus comprisingr 



a sensor to obtain biometric data; 

a non volatile memory to store biometric data from said sensor during a initiation 

'^^^^ stage; and 

a comparator to compare said biometric data stored in said non volatile memory with 
a biometric data obtained by said sensor during an authentication stage, 

wherein said sensor, said non volatile memory, and said comparator are all located on 
a same device. 



12 
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